Millions of WordPress sites have encountered a vulnerability that allows ordinary users to back up all their data

0
439

 

Millions of WordPress sites have encountered a vulnerability that allows ordinary users to backup all their data

Millions of WordPress sites have had to install emergency and forced security updates due to a vulnerability in a very popular add-on called UpdraftPlus, which allows steady users to make site backups.

The UpdraftPlus extension provides site owners with the ability to save a backup copy of their site databases, but it was famous that this add-on did not provide this feature only to site owners, but it is available to anyone who has a membership in the sites that support it – meaning that provided you are registered on a site that contains this add-on, You can back up the entire website on your device.

A Jetpack security researcher discovered this vulnerability during a plugin review, where Jetpack protects WordPress sites and security-tests plugins so they don’t cause breaches. While reviewing the extension, the researcher found that any registered user of the site can make a backup copy of the site and download its entire database.

The researcher then informed the developers of UpdraftPlus, who in turn sent forced updates to the 3 million-plus sites that had already installed the add-on.


Source:

Jetpack

Leave A Reply

Please enter your comment!
Please enter your name here